It will cost you about $20,000 to build one, and you'll need twenty rack units of space in a server room. (That's just under a rack-metre.)

You'll also need an industrial-style power supply delivering 7kW, which is where the paper's title comes from, plus some half-decent air conditioning.

In return for your investment, claims Gosney, you'll be able to brute-force all regular eight-character Windows passwords from their NTLM hashes in about six hours.

That's about four times faster than Gosney's previous top-end hashbusting machine, which needed 24 hours - an entire day! - to do the same job.

Why so fast? And why Windows passwords?

The reason is that NTLM relies on one of the easiest-to-crack hashing systems still in widespread use: a straight, unsalted, uniterated MD4 hash of your password. (The raw password is presented in little-endian UCS-2 format, with 16 bits per character, not as an ASCII string.)

If you have a UNIX-flavour command prompt and some common utilities handy, you can convert any ASCII password to its NTLM hash like this:

Note that, with no salt, everyone who chooses "password" as a password will end up with the same hash, so you can use a pre-computed database of common hashes.

But with Gosney's cracker, you might as well not bother pre-calculating anything: you can churn through nearly 400,000,000,000 MD4 hashes per second and save yourself the space you'd need to store the lookup table.

But if they do get and crack your password hashes, they may be able to get back in later at their leisure, even if you close the security hole they used to grab your SAM data. And they'll have the plaintext of your password, which could cost you if you have used it anywhere else.

So here are two lessons we can learn from this:

• Eight characters just isn't long enough for a password these days.

→ Choose long and complex passwords, or use a password management tool to help you. That way, you keep ahead of the bulk cracking tools. If eight characters gives 98-to-the-power-8 choices, adding just three more randomly-chosen characters multiplies that by a further 98-to-the-3, or close to 1,000,000-fold.

• You probably have other passwords even more easily crackable than your Windows one.

Some websites or online services may even even keep plaintext, or unhashed, copies of your password. Cracking time for those is zero.

→ Don't use the same password for multiple accounts. That way, you don't lose the keys to the whole castle if any of your individual passwords is compromised.

Oh, and if you're looking for the briefest of technical challenges over the holiday season, why not satisfy yourself how risky simple passwords are by having a go at the hashes in the Windows 8 screen shot above?

Estimated time to crack once you're ready to go, even without a GPU: well under a second.

The results below are GPU-based with just 2 radeon 7970s in use (~11B NTLM/sec) focused on 1-8 chars lowercase and numeric only (no symbols, upper case, etc.). The running times indicated are within a given password length after incrementing up.

Oh my word. ANY Windows Administrator who STILL doesn't set GPOs to prevent the storing of NTLM hashes needs to be shot. Why do SO many "hacks" still rely on poor NT4 technologies?
And if you have done ANY studies wrt IT systems, you would know that an IT system consists of Hardware, Software, Peripherals as well as the organic interface between the chair and the keyboard. As you are responsible for the IT system, you are therefore responsible to train the end-users in proper computing practices as well, whether you like it or not. If they don't want to be trained, you just set your password policy to use at least 9 characters. How easy is it to train people that PHRASES are the way to go. How long is it going to take to crack: "My Girlfriend is a Minx!!" ??
But then, seeing that in the UK IT salaries are laughable, maybe the saying is true: pay peanuts, get monkeys....

Yes, because it contains not dictionary Unicode characters (the space character).
That password would take a long time to crack and I'd imagine a dictionary attack would have issues parsing the space character.

It is fairly safe against the common password cracking techniques used today. Most of them do not try sentences or more than a few words strung together. They tend to focus on either brute forcing shorter strings (his sentence is too long for brute forcing to discover) or trying dictionary words/names with slight modifications (e.g. P@ssword1).

However, researchers are already working to develop phrase lists pulled from movie names, song lyrics, and Wikipedia entries. Once attackers start using these effectively to guess popular passphrases they won't be as secure.

I'd always encourage throwing some symbols or misspelled words in there to bump up the security.

The idea behind NOT using words in a dictionary is because a dictionary attack literally runs the words in a dictionary against your passwords. The dictionary however does not have phrases. To make THAT work, you have to add the actual phrases in your "dictionary file". Currently (and yes - that is CURRENTLY), to crack this password you have to brute force it, until somebody clever figures out a way to start creating sensible phrases. The next thing I will do, is to start generating phrases using multiple languages....

I would modify that to increase security and make it even harder to crack by including non-alphanumeric characters and non-standardised spelling.... something like "my G1rlfrend iz a Mynx!!" Just make it catchy enough that you'll remember it

wow...i would love a shot at your network. an IT guy who is as smart and confident as you are definitely has holes in his network. Expecting every IT guy in every office in america to be the "trainer" is just laughable as well. Bet your users really "love* you lol....

It doesn't go about confident. It goes about trying my best to ensure my ass is as safe as possible in case of a security-breach, and that includes documentary proof that I have done my best to educate end-users.
It goes about layers of security. And your network is only as secure as your weakest link. Therefore, if you don't educate your end-users (and there are MANY different ways to do this - you don't have to lecture them), all your OTHER methods of security will become null and void if users don't understand the importance of long, complex password that is easy to remember.
Obviously, if you are in a large organisation where management are not lax to invest some money to improve security, multi-factor authentication is the way to go. Also using a certificate infrastructure to authenticate ALL clients. Etc...
The only secure computer is one encased in a few cubic meters of concrete, not attached to any cables, and dropped in the deepest part of the ocean, and even then it might not be secure.
The hacker has to be lucky once. You as the IT guy have to be lucky the whole time. Forget that at your peril...

It may be easy to remember, but for people who aren't touch typists (or maybe especially for those who are), it is difficult to type accurately.

Even experienced users can lock themselves out through mistyping. Setting ever more complex password restrictions will merely infuriate the users (And no. Password managers in a corporate environment are unequivocally verboten, so don't even go there)

In short, as other posters have alluded, IT security needs to be "in depth" (multiple discrete layers - MAC verification, IP whitelists, multiple internal/external firewalls, passwords as a starter) rather than "in width" (single 256 character password that must contain no dictionary words, at least 32 non-printable unicode characters, to be changed every day, with no repetitions for the last 1000 years - OK, I exaggerate)

I'd like to clear up a common misconception that you reinforce in this article. There is a difference between NTLM (AKA "NT hash") password hashes and the NTLM authentication protocol. Kerberos should be the authentication protocol used in modern Windows domains, however it still uses the NTLM password hashes. So you cannot simply stop using NTLM password hashes (your linked Microsoft article is talking about the auth protocol).

You can turn off the storage of LM password hashes, which you definitely should do if you don't have to support legacy Windows systems. They are much weaker than NTLM hashes.

You can also set GPO restrictions on what versions of the NTLM authentication protocol is used. There were security vulnerabilities in earlier versions so you typically want to force use of the NTLMv2 authentication protocol unless you have legacy Windows systems that prevent this.

I hear you - there's plenty of potential for confusion between NTLM *hashing* and NTLM *authentication*. (The latter is an across-the-network challenge-response protocol that involves an NTLM hash at its core.)

But I think I was careful enough always to say, "NTLM hash" when that's what I meant...and in the article by Microsoft to which I link, the author argues against NTLM (with the term used ambiguously) on several grounds, including its use of an unsatisfactory cryptographic primitive, viz. MD4.

The screenshot from Windows was supposed to provide a bit of context.

IIRC Windows 8 suppresses the storage of LM hashes (an even weaker hash than the long-disavowed MD4 used by NTLM) by default...

MD4 should have died about the time computers stopped needing a separate floating point coprocessor. Not that there is a connection, mind you, but the handwriting was on the wall for weak cryptographic methods.

How about I copy and past the concise Oxford dictionary?
Would that be safe? :P
I have always used phrases combined with personal info upper and lower case as well as number/letter substitution.
I even have passwords hints that are coded only to me.

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too.
Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009.
Follow him on Twitter: @duckblog